GHSA-qw8w-2xcp-xg59
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qw8w-2xcp-xg59
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-qw8w-2xcp-xg59/GHSA-qw8w-2xcp-xg59.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qw8w-2xcp-xg59
- Aliases
-
- CVE-2014-1832
- Published
- 2018-10-10T17:29:27Z
- Modified
- 2023-11-01T04:45:31.343221Z
- Summary
- Insecure use of temporary files in Phusion passenger
- Details
-
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
- Database specific
{ "severity": "LOW", "nvd_published_at": "2015-02-19T15:59:04Z", "github_reviewed": true, "cwe_ids": [], "github_reviewed_at": "2020-06-16T21:52:59Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-1832
- https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
- https://bugzilla.redhat.com/show_bug.cgi?id=1058992
- https://github.com/advisories/GHSA-qw8w-2xcp-xg59
- https://github.com/phusion/passenger
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2014-1832.yml
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
- http://openwall.com/lists/oss-security/2014/01/29/6
- http://openwall.com/lists/oss-security/2014/01/30/3
Affected packages
RubyGems / passenger
Package
- Name
- passenger
- Purl
- pkg:gem/passenger